reports/GO-2020-0041.yaml - vulndb - Git at Google

 module: github.com/unknwon/cae
 package: github.com/unknwon/cae/tz
 additional_packages:
   # CVE-2020-7664
   - module: github.com/unknwon/cae
     package: github.com/unknwon/cae/zip
     symbols:
       - ZipArchive.Open
       - ZipArchive.ExtractToFunc
     versions:
       - fixed: v1.0.1
 versions:
   - fixed: v1.0.1
 description: |
   Due to improper path santization, archives containing relative file
   paths can cause files to be written (or overwritten) outside of the
   target directory.
 published: 2021-04-14T12:00:00Z
 cve: CVE-2020-7668
 symbols:
   - TzArchive.syncFiles
   - TzArchive.ExtractToFunc
 links:
   commit: https://github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11
   context:
     - https://snyk.io/research/zip-slip-vulnerability
	module: github.com/unknwon/cae
	package: github.com/unknwon/cae/tz
	additional_packages:
	# CVE-2020-7664
	- module: github.com/unknwon/cae
	package: github.com/unknwon/cae/zip
	symbols:
	- ZipArchive.Open
	- ZipArchive.ExtractToFunc
	versions:
	- fixed: v1.0.1
	versions:
	- fixed: v1.0.1
	description: \|
	Due to improper path santization, archives containing relative file
	paths can cause files to be written (or overwritten) outside of the
	target directory.
	published: 2021-04-14T12:00:00Z
	cve: CVE-2020-7668
	symbols:
	- TzArchive.syncFiles
	- TzArchive.ExtractToFunc
	links:
	commit: https://github.com/unknwon/cae/commit/07971c00a1bfd9dc171c3ad0bfab5b67c2287e11
	context:
	- https://snyk.io/research/zip-slip-vulnerability